Akeyless SCP

Suggest Edits

Akeyless SCP enables secure copy via Secure Remote Access Bastion.

👍

Note:

Akeyless SCP currently supports only UNIX-like OS.

Prerequisite

Usage

  1. Download Akeyless SCP script: 
curl -o akeyless-scp https://download.akeyless.io/Akeyless_Artifacts/Linux/SSH/akeyless-scp
chmod +x akeyless-scp
mv akeyless-scp /usr/local/bin
  1. Create your ~/.akeyless-sphere.rc :
# ---------------------------------------------------------------------
# Copyright © 2021  Akeyless Security LTD.
#
# All rights reserved
# ----------------------------------------------------------------------

#
# This file is a user-specific configuration file for akeyless-sphere Zero Trust Access
# it should be located in user home directory named .akeyless-sphere.rc
#

# identity_file - the path to the ssh-key to be signed and used for Zero Trust session (if empty, default ssh-key is used)
identity_file=""

# cert_issuer_name - full path to the Akeyless SSH Cert Issuer to use for Zero Trust session
cert_issuer_name=""

# profile - Akeyless CLI profile to be used
profile="default"

# Akeyless CLI binary (if needed)
AKEYLESS_CLI=akeyless

# AKEYLESS_API_GW - URL for Akeyless API Gateway (RestAPI)
AKEYLESS_API_GW=""

# Following are used for control service, to configure the temporary session:
# ${BASTION_API_PROTO_}://"${BASTION_API_PREFIX_}${JB_SRV_}${BASTION_API_PATH_}":"${BASTION_API_PORT_}
#
BASTION_API_PREFIX_=""
BASTION_API_PATH_=""
BASTION_API_PROTO_=http
BASTION_API_PORT_=9900

# Allow caching of temp session creds
SESSION_CACHING=no

# Display connection stages
DISPLAY_STAGES=yes

# Use SSH Agent to store user's identity keys.
USE_SSH_AGENT=yes

Where:

CERT_ISSUER_NAME - Full path to Akeyless SSH Cert Issuer.

AKEYLESS_API_GW - URL of Akeyless Gateway RestAPI endpoint.

  1. Use akeyless-SCP command to perform secure copy to remote target server via Akeyless Secure Remote Access Bastion:

Full options list:

Usage: /usr/local/bin/akeyless-scp <[email protected][:port]> via <jumpbox-server[:port]> [options]

optional arguments:
    --cert-issuer-name      Akeyless certificate issuer name [mandatory]
    --local-file            File to copy [mandatory]
    --remote-file           File to copy [default is '~/']
    --direction             upload/download [default is 'upload']
    --profile               Use a specific profile from your Akeyless CLI
    -i                      Selects a file from which the identity (private key) for public key authentication is read [default is '~/.ssh/id_rsa']
    --ssh-extra-args        Use to add offical SSH arguments (except -i)

For example, this command will start to copy a local file, to a remote server.

akeyless-scp [email protected] via <sra-bastion-ssh-service> --local-file /full/local/location/file --remote-file /remote/location/file

Updated about 1 month ago

Did this page help you?